Beyond Web of Trust: Enabling P2P e-Commerce

The long-term goal is to design a fully functional decentralized system that resembles eBay without eBay’s dedicated, centralized infrastructure. Since security (authenticity, non-repudiation, trust, etc.) is key to any e-commerce infrastructure, our envisioned P2P e-commerce platform has to address it adequately. As the first step in this direction, we present an approach for a completely decentralized P2P public key infrastructure (PKI) which can serve as the basis for higher-level security services. In contrast to other systems in this area, such as PGP, which uses a “web of trust” concept, we use a statistical approach which allows us to provide an analytical model with provable guarantees and to quantify the behavior and specific properties of the PKI. To justify our claims, we provide a first-order analysis of the PKI and discuss its resilience against various known threats and attack scenarios.

In support of our belief that C2C e-commerce is one of the potential killer applications of the emerging structured P2P systems, we provide a layered model for P2P e-commerce, demonstrating the dependencies of various security-related issues that can be built on top of a decentralized PKI.